fix: enforce required auth middleware

2026-01-13 10:36:48 +08:00
parent 2a670b3a78
commit 56e60e0972
2 changed files with 22 additions and 5 deletions
--- a/backend/app/http/v1/routes.manual.go
+++ b/backend/app/http/v1/routes.manual.go
@@ -7,6 +7,6 @@ func (r *Routes) Path() string {
 func (r *Routes) Middlewares() []any {
 	return []any{
 		r.middlewares.TenantResolver,
-		r.middlewares.Auth,
+		r.middlewares.AuthRequired,
 	}
 }
--- a/backend/app/middlewares/middlewares.go
+++ b/backend/app/middlewares/middlewares.go
@@ -31,25 +31,42 @@ func (f *Middlewares) Prepare() error {
 	return nil
 }

-func (m *Middlewares) Auth(ctx fiber.Ctx) error {
+func (m *Middlewares) AuthOptional(ctx fiber.Ctx) error {
+	return m.authenticate(ctx, false)
+}
+
+func (m *Middlewares) AuthRequired(ctx fiber.Ctx) error {
 	if isPublicRoute(ctx) {
-		return ctx.Next()
+		return m.AuthOptional(ctx)
 	}
+	return m.authenticate(ctx, true)
+}
+
+func (m *Middlewares) authenticate(ctx fiber.Ctx, requireToken bool) error {
 	authHeader := ctx.Get("Authorization")
 	if authHeader == "" {
+		if requireToken {
 			return errorx.ErrUnauthorized.WithMsg("Missing token")
 		}
+		return ctx.Next()
+	}

 	claims, err := m.jwt.Parse(authHeader)
 	if err != nil {
 		return errorx.ErrUnauthorized.WithCause(err).WithMsg("Invalid token")
 	}

-	// get user model
+	// 获取用户信息，确保 token 与账号状态一致。
 	user, err := services.User.GetModelByID(ctx, claims.UserID)
 	if err != nil {
 		return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
 	}
+	if user.Status == consts.UserStatusBanned {
+		return errorx.ErrAccountDisabled
+	}
+	if user.Status == consts.UserStatusBanned {
+		return errorx.ErrAccountDisabled
+	}

 	// Set Context
 	ctx.Locals(consts.CtxKeyUser, user)